package com.example.demo.xss;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

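/**
 * Demo endpoints for the XSS-filter sample. Both handlers simply echo the
 * {@code inputStr} request parameter back as the response body; the only
 * difference between them is whether the request path is covered by the
 * sanitising filter, which is configured outside this class.
 *
 * <p>Demo payload used by the sample:
 * {@code <script>for(var i=0;i<2;i++){alert("11111");}</script>}
 *
 * <p>Parameter names are bound explicitly ({@code @RequestParam("inputStr")})
 * so binding does not rely on the compiler retaining parameter names
 * ({@code -parameters}); without that flag implicit-name binding fails on
 * newer Spring Framework versions.
 */
@RestController
public class XssController {

    /**
     * Excluded path: the request is not processed by the XSS filter, so the
     * untrusted parameter is reflected verbatim into the response body.
     *
     * @param inputStr untrusted request parameter
     * @return {@code inputStr} unchanged
     */
    @RequestMapping("/xss/test/no/filter")
    public String testXssNoFilter(@RequestParam("inputStr") String inputStr) {
        return inputStr;
    }

    /**
     * Filtered path: request parameters on this path are processed according
     * to the jsoup rules before reaching the handler. The sanitising filter
     * itself is not part of this class (presumably a servlet filter -- confirm
     * against the filter configuration); the handler body is the same echo as
     * {@link #testXssNoFilter(String)}.
     *
     * @param inputStr request parameter, expected to have been sanitised by the filter
     * @return {@code inputStr} unchanged
     */
    @RequestMapping("/xss/test/filter/save")
    public String testXssFilter(@RequestParam("inputStr") String inputStr) {
        return inputStr;
    }

}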
